Page 25 of 317 results (0.009 seconds)

CVSS: 10.0EPSS: 68%CPEs: 48EXPL: 0

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528. Desbordamiento de búfer basado en el montón en el interfaz DCOM (Distributed Component Object Model) del servicio RPCSS de Windows NT/2000/XP/2003 permite a atacantes remotos ejecutar código arbitrario mediante un paquete de petición de petición de activación de objeto DCERPC DCOM malformado, con campos de longitud modificados, una vulnerabilidad distinta de CAN-2003-0352 (Blaster/Nachi) y CAN-2003-0528. • http://marc.info/?l=bugtraq&m=106322856608909&w=2 http://www.cert.org/advisories/CA-2003-23.html http://www.kb.cert.org/vuls/id/483492 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1202 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1813 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A20 http •

CVSS: 10.0EPSS: 67%CPEs: 48EXPL: 0

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715. Desbordamiento de búfer en el interfaz DCOM (Distributed Component Object Model) en el servicio RPCSS permite a atacantes remotos la ejecución arbitraria de código mediante una petición RPC mal construida con un parámetro 'nombre de fichero' largo. Es una vulnerabilidad diferente a las CAN-2003-0352 (utilizada por Blaster y Nachi) y la CAN-2003-0715. • http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0100.html http://marc.info/?l=bugtraq&m=106407417011430&w=2 http://www.cert.org/advisories/CA-2003-23.html http://www.kb.cert.org/vuls/id/254236 http://www.nsfocus.com/english/homepage/research/0306.htm https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A127 https://oval.cisecurity.org/repository/search/definit •

CVSS: 5.0EPSS: 1%CPEs: 46EXPL: 0

The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information. • http://www.kb.cert.org/vuls/id/989932 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3483 •

CVSS: 5.0EPSS: 0%CPEs: 23EXPL: 0

The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method. La función getCanonicalPath en Windows NT 4.0 puede liberar memoria que no posee y causar una corrupción en el montículo, lo que permite a atacantes causar una denegación de servicio (caída) mediante peticiones que causa que un nombre de fichero largo sea pasado a getCanonicalPath, como se ha demostrado en la JVM de IBM usando una cadena larga en el método de Java java.io.getCanonicalPath. • http://www.atstake.com/research/advisories/2003/a072303-1.txt https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-029 https://exchange.xforce.ibmcloud.com/vulnerabilities/12701 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A319 •

CVSS: 7.5EPSS: 97%CPEs: 48EXPL: 4

Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms. Desbordamiento de búfer en una cierta interfaz RPC DCOM en Microsoft Windows NT4, 2000, XP y 2003 permite a atacantes remotos ejecutar código arbitrario mediante un mensaje malformado. • https://www.exploit-db.com/exploits/16749 https://www.exploit-db.com/exploits/100 https://www.exploit-db.com/exploits/22917 http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html http://marc.info/?l=bugtraq&m=105838687731618&w=2 http://marc.info/?l=bugtraq&m=105914789527294&w=2 http://www.cert.org/advisories/CA-2003-16.html http://www.cert.org/advisories/CA-2003-19.htm •